Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe